Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
Fully Automated is your weekly rundown of the biggest healthcare cybersecurity stories, delivered in a conversational format by Alex and Jen, two AI hosts who break down breaches, vulnerabilities, and compliance news with clarity, a little dark humor, and always a practical takeaway. Perfect for healthcare IT leaders, administrators, and compliance officers who want to stay informed without wading through the noise.
Paubox Weekly Fully Automated - A HIPAA compliant email security Podcast
More ways to sign in securely with multi-factor authentication
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
You're listening to Powbox Weekly, fully automated.
SPEAKER_00I'm Jen. I stare at threat reports so you don't have to.
SPEAKER_01And I'm Alex. I translate those reports into something your board might actually read. It's been a week. It's always been a week. Let's start with some good news for once. Powbox rolled out new MFA options.
SPEAKER_00Finally, more ways to prove you are who you say you are. Pass keys, authenticator apps, text, email, recovery codes.
SPEAKER_01The idea being, even if someone gets your password, they still can't get in.
SPEAKER_00That second factor is the difference between close call and incident response.
SPEAKER_01And there are guardrails now to keep you from locking yourself out. Which, let's be honest, happens more than anyone admits. Moving on, Shiny Hunters is back in the news. Of course they are. They're claiming nearly nine terabytes of data stolen from one medical. That's Amazon's primary care subsidiary.
SPEAKER_00Here's the thing though, this wasn't current One Medical data. It was archived records from Iora Health, which they acquired back in 2021.
SPEAKER_01So legacy systems. Again.
SPEAKER_00Legacy systems. Always. The breach didn't touch broader One Medical or Amazon infrastructure. But those old records, still patient data, still protected. The lesson here? When you acquire a company, you acquire their technical debt too, including whatever's sitting in a forgotten storage bucket.
SPEAKER_01Alright, shifting gears. The World Cup. Oh, the fishing bonanza. Researchers found over 600 typosquat domains mimicking FIFA's official site. Plus, 33 fake merchandise stores tied to 2,500 ads.
SPEAKER_00People bought jerseys they never received. And in exchange, they handed over payment card data, personal info, everything.
SPEAKER_01And that data's already circulating on the dark web.
SPEAKER_00Because of course it is. Big events are hunting season for these guys. The emotional pull of fandom makes people click first. Think later.
SPEAKER_01So if you're shopping for gear.
SPEAKER_00Go directly to the official site. Type it yourself. Don't trust that ad.
SPEAKER_01Now, some legislative news. There's a Senate bill targeting cybersecurity risks in Chinese-made medical devices.
SPEAKER_00This one's actually interesting. It would have the FDA and CISA do a retroactive review of legacy devices already deployed in healthcare settings.
SPEAKER_01So devices that are already in hospitals, clinics.
SPEAKER_00Right. And if they're flagged as threats, FDA could recall them.
SPEAKER_01These devices often collect, transmit, or store PHI.
SPEAKER_00Exactly. They're not just sitting in a corner. They're connected. They're talking to networks. And if they're compromised, that's a direct line to patient data.
SPEAKER_01Something for compliance teams to watch. Definitely put it on the radar. And finally, some fun. PalBox hosted a social mixer in San Francisco last week. At the Lark Bar. Customers, prospects, friends of Palbox. Apparently they made some new connections too. I heard the pics are up. They are. Worth a look if you want to see what happens when security folks get to relax for a minute.
SPEAKER_00We do occasionally leave our desks.
SPEAKER_01So, wrapping up, what's the thread this week?
SPEAKER_00It's not bad luck, it's bad configurations, blind spots, legacy systems nobody's looking at.
SPEAKER_01Archive data from acquisitions. Devices deployed years ago. Phishing domains that prey on distraction.
SPEAKER_00And most of it? MFA is fixable. Asset inventory is fixable. User education is fixable.
SPEAKER_01The stakes are real, but so are the solutions.
SPEAKER_00Do the boring work. It pays off.
SPEAKER_01That's it for this week. Stay safe out there.
SPEAKER_00And patch your stuff.